Cyberheat, Inc., ran sexually explicit websites for consenting adults. It hired other companies, called affiliates, to drive potential subscribers to its sites. The affiliates were paid a fee for each subscriber they generated. The contract that Cyberheat signed with its affiliates explicitly prohibited them from violating the CAN-SPAM Act. It also discouraged email promotions. However, Cyberheat did not investigate its affiliates, nor did it actively monitor their compliance. Cyberheat provided affiliates with a hyperlink to use in emails that would link them directly to the sexually explicit site being advertised.

The FTC alleged that ten Cyberheat affiliates violated CAN-SPAM by sending 642 unwelcome, sexually explicit spam emails for which they were paid $209,120 in commissions. In some cases the pornographic emails had fake subject lines, when in fact the email contained pornographic images.

Cyberheat received about 400 complaints, which it ignored or handled belatedly. Oftentimes the affiliate was allowed to continue for more than one year or was never terminated.

The Justice Department filed suit seeking civil penalties of up to $11,000 for each violation and an injunction to prohibit further violations. Both the FTC and Cyberheat filed motions for summary judgment.

Questions:

1. Did Cyberheat violate the CAN-SPAM Act?

2. Did Cyberheat know its affiliates were sending sexually explicit emails?

3. But, Cyberheat told its affiliates specifically not to violate the Act and discouraged them from using email. How can Cyberheat, then, be responsible for its affiliates violations?